trylika
commented
2 years ago this library works on php8, my suggestion would be to remove mcrypt from your php setup or improve your testing criteria
Closed XSylvain closed 2 years ago
trylika
commented
2 years ago this library works on php8, my suggestion would be to remove mcrypt from your php setup or improve your testing criteria
bshaffer
commented
2 years ago We have tests running for PHP 8.0, and we are not receiving those errors. Mcrypt is an optional dependency.
bshaffer
commented
2 years ago Seems to me this is just a static analyzer being overly aggressive.
We have to migrate into PHP8 so, my staff said that we have this kind of error before put new version of PHP
**FOUND 3 ERRORS AFFECTING 1 LINE
148 | ERROR | Extension 'mcrypt' is deprecated since PHP 7.1 and removed since PHP 7.2; Use openssl (preferred) or pecl/mcrypt once available instead 148 | ERROR | Function mcrypt_create_iv() is deprecated since PHP 7.1 and removed since PHP 7.2; Use random_bytes() or OpenSSL instead 148 | ERROR | The constant "MCRYPT_DEV_URANDOM" is deprecated since PHP 7.1 and removed since PHP 7.2
FOUND 3 ERRORS AFFECTING 1 LINE
92 | ERROR | Extension 'mcrypt' is deprecated since PHP 7.1 and removed since PHP 7.2; Use openssl (preferred) or pecl/mcrypt once available instead 92 | ERROR | Function mcrypt_create_iv() is deprecated since PHP 7.1 and removed since PHP 7.2; Use random_bytes() or OpenSSL instead 92 | ERROR | The constant "MCRYPT_DEV_URANDOM" is deprecated since PHP 7.1 and removed since PHP 7.2**
oauth2-server-php/src/OAuth2/ResponseType/AccessToken.php L:147
Removing the function below will impact the security of the access_token generation ? (just a rand of random of randomX)
if (function_exists('mcrypt_create_iv')) { $randomData = mcrypt_create_iv(20, MCRYPT_DEV_URANDOM); if ($randomData !== false && strlen($randomData) === 20) { return bin2hex($randomData); } }
Same thing here : oauth2-server-php/src/OAuth2/ResponseType/AuthorizationCode.php L: 92